help-grub
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GRUB can't chainload Windows under Secure Boot

From: Giovanni Santini
Subject: Re: GRUB can't chainload Windows under Secure Boot
Date: Fri, 9 Dec 2016 13:10:25 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 
Il 09/12/2016 04:41, Andrei Borzenkov ha scritto:
> 
> Well, normal grub-install knows nothing about loader.efi. So probably
> now is your turn to explain what you did exactly.
> 

So, my full GRUB setup can be summarized with the following steps:
1. install the needed packages with
$ yaourt -S grub preloader-signed
2. mount EFI partition at /boot/efi and set it up in fstab
3. install grub with
$ grub-install --target=x86_64-efi --efi-directory=/boot/efi
--bootloader-id=ArchGrub
4. Add the needed PreLoader and HashTool where needed
$ cp /usr/share/preloader-signed/*.efi /boot/efi/EFI/ArchGrub
5. Copy GRUB to be called 'loader.efi' as PreLoader wants
$ cp /boot/efi/EFI/ArchGrub/grubx64.efi /boot/efi/EFI/ArchGrub/loader.efi
6. Add the needed UEFI entry with efibootmgr
efibootmgr --disk /dev/sda --part 1 --create --label "SecureGrub"
--loader /EFI/ArchGrub/PreLoader.efi
7. Boot with Secure Boot ON; PreLoader will fail to load GRUB, so
HashTool will be executed. I've then enrolled 'loader.efi' and I was
able to start GRUB under Secure Boot and also every other Linux OS.

A note: I've added a custom target for GRUB so that it could chainload
HashTool directly... But it isn't working. So I suppose something is
wrong with the chainloader command... maybe. As I said, I am not an
expert of GRUB.

> Edit grub-core/loader/efi/chainloader.c, print EFI status when loading
> fails, then we at least know why it fails. This is in function
> grub_cmd_chainloader, after call to b->load_image.
> 
>   status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
>                        boot_image, size,
>                        &image_handle);
>   if (status != GRUB_EFI_SUCCESS)
>     {
>       if (status == GRUB_EFI_OUT_OF_RESOURCES)
>         grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
>       else
>         grub_error (GRUB_ERR_BAD_OS, "cannot load image");
> 
>       goto fail;
>     }
> 
> Change to
> 
> grub_error (GRUB_ERROR_BAD_OS, "cannot load image: %08x", status)
> 

OK! I will made this change and build it.
Then I will provide you feedback on boot attempt!

-- 
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://git{hub,lab}.com/ItachiSan
My GPG: 2FADEBF5
reply via email to
[Prev in Thread] Current Thread [Next in Thread]